diff --git a/content/en/integrations/guide/azure-manual-setup.md b/content/en/integrations/guide/azure-manual-setup.md index 8b645c98459ca..b6eb1cece26ee 100644 --- a/content/en/integrations/guide/azure-manual-setup.md +++ b/content/en/integrations/guide/azure-manual-setup.md @@ -1,6 +1,5 @@ --- title: Azure Integration Manual Setup Guide - description: "Steps for manually setting up the Datadog Azure integration" further_reading: - link: "https://docs.datadoghq.com/agent/faq/why-should-i-install-the-agent-on-my-cloud-instances/" @@ -33,6 +32,33 @@ Use this guide to manually set up the [Datadog Azure integration][1] through an ## Setup +{{% collapse-content title="Permissions required for integration setup" level="h4" expanded=false id="required-permissions" %}} + +#### In Azure + +Your Microsoft Entra ID user needs the following permissions: + +##### Permission to create an app registration + +**One** of the following must be true for the user: + +- `Users can register applications` has been set to `Yes` +- The user has the [Application Developer][17] role + +##### Permission to assign `Monitoring Reader` permissions + +The `Microsoft.Authorization/roleAssignments/write` permission is required, scoped to any subscriptions or management groups to monitor. This permission is part of the [Role Based Access Control Administrator role][14]. + +##### Permission to add and grant consent for Graph API permissions + +The [Privileged Role Administrator role][15] contains the required permissions. + +#### In Datadog + +A Datadog [Application key][16] with at least the `azure_configurations_manage` permission. + +{{% /collapse-content %}} + ### Integrating through the Azure CLI To integrate Datadog with Azure using the Azure CLI, Datadog recommends using the [Azure Cloud Shell][7]. @@ -323,3 +349,7 @@ See the [Azure Logging guide][5] to set up log forwarding from your Azure enviro [9]: /monitors/notify/#configure-notifications-and-automations [12]: https://learn.microsoft.com/azure/partner-solutions/datadog/overview [13]: /integrations/guide/azure-native-manual-setup/ +[14]: https://learn.microsoft.com/azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator +[15]: https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#privileged-role-administrator +[16]: /account_management/api-app-keys/#application-keys +[17]: https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#application-developer